DETAILED ACTION
Response to Arguments 

1. Applicant's arguments, filed 1/25/2008, with respect to the rejection(s) of claim(s) 1-52
under 35 U.S.C. 103 have been fully considered and they are not persuasive.

Applicant argues that the device to be discovered cannot be a wireless device and the 
MAC address cannot correspond to a wireless device and Ocepek does not teach such a device. 
However, examiner disagrees. WAP is a wireless device since it provides data to clients and 
preventing access for WAP will prevent unauthorized users from accessing the network.
Applicant further argues that WAP cannot communicate with a server. However, examiner 
disagrees. WAP communicates with a server through switch. 

Objection to Abstract is not withdrawn. 

Specification 

2. Applicant is reminded of the proper language and format for an abstract of the disclosure. 

The abstract should be in narrative form and generally limited to a single paragraph on a 
separate sheet within the range of 50 to 150 words. It is important that the abstract not exceed 
150 words in length since the space provided for the abstract on the computer tape used by the 
printer is limited. The form and legal phraseology often used in patent claims, such as 
"means" and "said," should be avoided. The abstract should describe the disclosure 
sufficiently to assist readers in deciding whether there is a need for consulting the full patent text 
for details. 

The language should be clear and concise and should not repeat information given in the 
title. It should avoid using phrases which can be implied, such as, "The disclosure concerns,"
"The disclosure defined by this invention," "The disclosure describes," etc. 

3. The lengthy specification has not been checked to the extent necessary to determine the 
presence of all possible minor errors. Applicant's cooperation is requested in correcting any 
errors of which applicant may become aware in the specification.

Claim Rejections - 35 USC § 103

4. The text of those sections of Title 35, U.S. Code not included in this action can be found 
in a prior Office action. 

5. Claims 1-5, 7, 10-14, 17-22, 24, 27-31, 34-37, 39, 42-46, 49-52 are rejected under 35 
U.S.C. 103(a) as being unpatentable over Ocepek et al. (USPN 7,124,197, Herein as Ocepek). 

Regarding claim 1, Ocepek teaches a method for detecting a device on a network [Col. 
5, lines 14-15], said method comprising: receiving from the network a packet with an address 
[Fig. 6, Source field is an address field which is received by security device as stated in Col. 
7, lines 39-40] ; and indicating that the received packet corresponds to the device based on the 
address and on an operating system associated with the received packet [Col. 7, lines 43-47, 
source MAC address specifies the operating system] . 

However, Ocepek in Col. 7, lines 43-47 does not teach that the device is a wireless access 
device as cited in the original action rather teaches that the device is a server. 

Ocepek teaches the device can be wireless access device [Fig. 1, 20, since WAP has a 
MAC address the same concept can be used to identify a wireless device]. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to have a check for the wireless access device so that intruder can be prevented from 
gaining access to internal server and servers can be protected [Col. 2, lines 16-20]. 

Regarding claim 2, Ocepek teaches a method for detecting a device on a network [Col. 
5, lines 14-15], said method comprising: receiving from the network a packet with an address 
[Fig. 6, Source field is an address field which is received by security device as stated in Col. 
7, lines 39-40]; comparing the address with one or more registered addresses [Col. 8, lines 54- 
59]; determining an operating system associated with the address, when said comparing the
address results in a match between the address and at least one of the registered addresses [Col. 
8, lines 59-63, source MAC address can be used to determine operating system Col. 7, lines 
43-44]; comparing the determined operating system with one or more stored operating systems, 
such that at least one of the stored operating systems corresponds to the device [Col. 8, lines 63- 
65, MAC address is used to determine and compare operating system as discussed in Col. 7, 
lines 43-44, each MAC address can tell the operating system since specific manufacturers
are assigned particular series of MAC addresses as applicant discussed in his application]; 
and indicating that the received packet corresponds to the device when the determined operating 
system matches at least one of the stored operating systems [Col. 7, lines 43-55]. 

However, Ocepek in Col. 7, lines 43-55 does not teach that the device is a wireless access 
device rather teaches the device is a server. 

Ocepek teaches the device can be wireless access device [Fig. 1, 20, since WAP has a 
MAC address the same concept can be used to identify a wireless device]. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to have a check for the wireless access device so that intruder can be prevented from 
gaining access to internal server and servers can be protected [Col. 2, lines 16-20]. 

Regarding claims 3, 20, 35, Ocepek teaches receiving the address with information 
identifying a source of a packet [Col. 8, lines 57-59] . 

Regarding claims 4, 21, 36, Ocepek teaches using an organizationally unique identifier 
as the information identifying the source [Col. 8, lines 57-59, MAC address' first portion has 
organizationally unique identifier]. 



Application/Control Number: 10/645,388 Page 5 

Art Unit: 2616 

Regarding claims 5, 22, 37, Ocepek teaches receiving the address based on passively 
monitoring the network [Col. 5, lines 22-26]. 

Regarding claims 7, 24, 39, Ocepek teaches determining whether a first organizationally 
unique identifier of the address is similar to a second organizationally unique identifier of at least 
one of the registered addresses [Col. 8, lines 63-65, MAC address has an organizational 
unique identifier in its first portion] . 

Regarding claims 10, 27, 42, Ocepek teaches indicating the wireless access device is not 
authorized on the network [Col. 8, lines 59-63, a Null value of MAC address indicates the 
wireless device is not authorized yet]. 

Regarding claims 11, 28, 43, Ocepek teaches storing the one or more registered 
addresses, such that the one or more registered addresses are searchable [Fig. 11, Col. 10, lines 
49-51]. 

Regarding claims 12, 29, 44, Ocepek teaches storing a portion of at least one of the 
registered addresses [Fig. 11]. 

Regarding claims 13, 30, 45, Ocepek teaches using an organizationally unique identifier 
as the portion [Fig. 11, IP address and MAC address has an organizational unique identifier 
in its first portion]. 

Regarding claims 14, 31, 46, Ocepek teaches storing a plurality of the organizationally 
unique identifiers, such that the organizationally unique identifiers are searchable [Fig. 11, Col. 
10, lines 49-51]. 

Regarding claim 17, Ocepek teaches indicating that the received packet corresponds to 
the wireless access device when the determined operating system does not match the stored 
operating systems [Col. 8, lines 63-65, it identifies the device whether operating systems
matches or not]. 

Regarding claim 18, Ocepek teaches a system for detecting a device on a network 
[Abstract], said system comprising: means for receiving from the network a packet with an 
address [Fig. 6, Source field is an address field which is received by security device as stated 
in Col. 7, lines 39-40]; means for comparing the address with one or more registered addresses 
[Col. 8, lines 54-59]; means for determining an operating system associated with the address, 
when said comparing the address results in a match between the address and at least one of the 
registered addresses [Col. 8, lines 59-63, source MAC address can be used to determine 
operating system Col. 7, lines 43-44]; means for comparing the determined operating system 
with one or more stored operating systems, such that at least one of the stored operating systems 
corresponds to the device [Col. 8, lines 63-65, MAC address is used to determine and 
compare operating system as discussed in Col. 7, lines 43-44, each MAC address can tell the 
operating system since specific manufacturers are assigned particular series of MAC
addresses as applicant discussed in his application]; and means for indicating that the received 
packet corresponds to the device when the determined operating system matches at least one of 
the stored operating systems [Col. 7, lines 43-55].

However, Ocepek in Col. 7, lines 43-55 does not teach that the device is a wireless access 
device rather teaches the device is a server. 

Ocepek teaches the device can be wireless access device [Fig. 1, 20, since WAP has a 
MAC address the same concept can be used to identify a wireless device].

It would have been obvious to one of ordinary skill in the art at the time the invention
was made to have a check for the wireless access device so that intruder can be prevented from 
gaining access to internal server and servers can be protected [Col. 2, lines 16-20]. 

Regarding claim 19, Ocepek teaches a system for detecting a device on a network 
[Abstract], said system comprising: at least one memory [Fig. 7, 102, Col. 7, lines 60-62] 
comprising: code that receives from the network a packet with an address [Fig. 6, Source field is 
an address field which is received by security device as stated in Col. 7, lines 39-40]; code
that compares the address with one or more registered addresses [Col. 8, lines 54-59]; code that 
determines an operating system associated with the address, when said comparing the address 
results in a match between the address and at least one of the registered addresses [Col. 8, lines 
59-63, source MAC address can be used to determine operating system Col. 7, lines 43-44];
code that compares the determined operating system with one or more stored operating systems, 
such that at least one of the stored operating systems corresponds to the device [Col. 8, lines 63- 
65, MAC address is used to determine and compare operating system as discussed in Col. 7, 
lines 43-44, each MAC address can tell the operating system since specific manufacturers
are assigned particular series of MAC addresses as applicant discussed in his application];
and code that indicates that the received packet corresponds to the device when the determined 
operating system matches at least one of the stored operating systems [Col. 7, lines 43-55]; and 
at least one data processor that executes the code [Fig. 7, 134, Col. 8, lines 9-11] . 

However, Ocepek in Col. 7, lines 43-55 does not teach that the device is a wireless access 
device rather teaches the device is a server.

Ocepek teaches the device can be wireless access device [Fig. 1, 20, since WAP has a
MAC address the same concept can be used to identify a wireless device]. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to have a check for the wireless access device so that intruder can be prevented from 
gaining access to internal server and servers can be protected [Col. 2, lines 16-20]. 

Regarding claim 34, Ocepek teaches a computer program product for detecting a device 
on a network [Fig. 7, 102], the computer program product comprising: code that receives from 
the network a packet with an address [Fig. 6, Source field is an address field which is received 
by security device as stated in Col. 7, lines 39-40]; code that compares the address with one or 
more registered addresses [Col. 8, lines 54-59]; code that determines an operating system 
associated with the address, when said comparing the address results in a match between the 
address and at least one of the registered addresses [Col. 8, lines 59-63, source MAC address 
can be used to determine operating system Col. 7, lines 43-44]; code that compares the 
determined operating system with one or more stored operating systems, such that at least one of 
the stored operating systems corresponds to the device [Col. 8, lines 63-65, MAC address is 
used to determine and compare operating system as discussed in Col. 7, lines 43-44, each 
MAC address can tell the operating system since specific manufacturers are assigned
particular series of MAC addresses as applicant discussed in his application] ; and code that 
indicates that the received packet corresponds to the device when the determined operating 
system matches at least one of the stored operating systems [Col. 7, lines 43-55]; and at least one 
data processor that executes the code [Fig. 7, 134, Col. 8, lines 9-11].

However, Ocepek in Col. 7, lines 43-55 does not teach that the device is a wireless access
device rather teaches the device is a server. 

Ocepek teaches the device can be wireless access device [Fig. 1, 20, since WAP has a
MAC address the same concept can be used to identify a wireless device].

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to have a check for the wireless access device so that intruder can be prevented from 
gaining access to internal server and servers can be protected [Col. 2, lines 16-20]. 

Regarding claim 49, Ocepek teaches a system comprising: a network [Fig. 7, 12]; and a 
processor connected to the network, wherein the processor receives one or more packets from the 
network, the processor [Fig. 7, 134] further comprising: means for determining an operating 
system associated with at least one of the packets [Col. 8, 59-63, source MAC address is used 
to determine operating system. Col. 7, lines 43-44] when an Organizationally Unique 
Identifier included in the at least one packet represents a device [Col. 8, lines 63-65, MAC 
address' first portion has organizationally unique identifier]; means for comparing the 
determined operating system with one or more device operating systems [Col. 8, lines 63-65, 
MAC address is used to determine and compare operating system as discussed in Col. 7, 
lines 43-44, each MAC address can tell the operating system since specific manufacturers
are assigned particular series of MAC addresses as applicant discussed in his application]; 
and means for indicating that the at least one packet corresponds to the device, when the 
determined operating system matches at least one of the device operating systems [Col. 7, lines 
43-55].

However, Ocepek in Col. 7, lines 43-55 does not teach that the device is a wireless access
device rather teaches the device is a server. 

Ocepek teaches the device can be wireless access device [Fig. 1, 20, since WAP has a
MAC address the same concept can be used to identify a wireless device].

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to have a check for the wireless access device so that intruder can be prevented from 
gaining access to internal server and servers can be protected [Col. 2, lines 16-20]. 

Regarding claim 50, Ocepek teaches a system comprising: a network [Fig. 1, 12]; a first 
processor interfaced to the network [Fig. 1, 24, Col. 4, lines 57-60, client device has a 
processor since it performs the task described in above mentioned lines]; and a second 
processor interfaced to the network, wherein the second processor receives one or more packets 
from the network and the first processor [Fig. 7, 134, Fig. 7 is a diagram of security device 10], 
the second processor further comprising means for indicating that the first processor corresponds 
to a device based on an address of the first processor and on an operating system of the first 
processor [Col. 7, lines 43-47, source MAC address specifies the operating system]. 

However, Ocepek in Col. 7, lines 43-47 does not teach that the device is a wireless access 
device rather teaches the device is a server. 

Ocepek teaches the device can be wireless access device [Fig. 1, 20, since WAP has a 
MAC address the same concept can be used to identify a wireless device]. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to have a check for the wireless access device so that intruder can be prevented from 
gaining access to internal server and servers can be protected [Col. 2, lines 16-20].

Regarding claim 51, Ocepek teaches a system for detecting a device on a network [Col.
5, lines 14-15], said system comprising: at least one memory [Fig. 7, 102] comprising: code that 
receives from the network a packet with an address [Fig. 6, Source field is an address field 
which is received by security device as stated in Col. 7, lines 39-40]; and code that indicates 
that the received packet corresponds to the device based on the address and on an operating 
system associated with the received packet [Col. 7, lines 43-47, source MAC address specifies 
the operating system]; and at least one processor for executing the code [Fig. 7, 134]. 

However, Ocepek in Col. 7, lines 43-47 does not teach that the device is a wireless access 
device rather teaches the device is a server. 

Ocepek teaches the device can be wireless access device [Fig. 1, 20, since WAP has a 
MAC address the same concept can be used to identify a wireless device]. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to have a check for the wireless access device so that intruder can be prevented from 
gaining access to internal server and servers can be protected [Col. 2, lines 16-20]. 

Regarding claim 52, Ocepek teaches a computer program product, tangibly embodied in 
a computer-readable storage medium, for detecting a device on a network and containing
instructions which, when executed on a processor, perform a method [Fig. 7, 102] comprising: 
receiving from the network a packet with an address [Fig. 6, Source field is an address field 
which is received by security device as stated in Col. 7, lines 39-40]; and indicating that the 
received packet corresponds to the device based on the address and on an operating system 
associated with the received packet [Col. 7, lines 43-47, source MAC address specifies the 
operating system].

However, Ocepek in Col. 7, lines 43-47 does not teach that the device is a wireless access
device rather teaches the device is a server. 

Ocepek teaches the device can be wireless access device [Fig. 1, 20, since WAP has a
MAC address the same concept can be used to identify a wireless device].

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to have a check for the wireless access device so that intruder can be prevented from 
gaining access to internal server and servers can be protected [Col. 2, lines 16-20]. 

6. Claims 6, 23, 38 are rejected under 35 U.S.C. 103(a) as being unpatentable over Ocepek 
et al. (USPN 7,124,197, Herein as Ocepek) in view of Moran (USPN 6,009,423). 

Regarding claims 6, 23, 38, Ocepek teaches a method, a system and a computer program 
product as discussed in rejection of claim 2, 19, 34 respectively. 

However, Ocepek does not teach comparing the address further comprises: determining 
whether a portion of the address is similar to a portion of at least one of the registered addresses. 

Moran teaches comparing based on determination of whether a portion of the address is 
similar to a portion of at least one of the registered addresses [Col. 4, lines 27-34]. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to match only a portion of the address so that only small search tables would have to 
be searched [Col. 4, lines 56-67 - Col. 5, lines 1-2]. 



7. Claims 8, 25, 40 are rejected under 35 U.S.C. 103(a) as being unpatentable over Ocepek 
et al. (USPN 7,124,197, Herein as Ocepek) in view of Lausier (USPN 7,174,373).

Regarding claims 8, 25, 40, Ocepek teaches a method, a system and a computer program
product as discussed in rejection of claim 2, 19, 34 respectively. 

However, Ocepek does not teach determining the operating system at the IP address 
associated with the address. 

Lausier teaches determining the operating system at the IP address associated with the 
address [Col. 29, lines 20-25]. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to determine the operating system associated with the IP address so that components 
of IP address can be assigned to a specific server [Col. 29, lines 43-48]. 

8. Claims 9, 26, 41 are rejected under 35 U.S.C. 103(a) as being unpatentable over Ocepek 
et al. (USPN 7,124,197) in view of Lausier (USPN 7,174,373) as applied to claim 8 above, and 
further in view of Tarquini et al. (USPG-PUB 2003/0101353, Herein as Tarquini). 

Regarding claims 9, 26, 41, the references teach a method, a system and a computer program
product as discussed in rejection of claims 8, 25, 34 respectively. 

However, the references do not teach determining the operating system using an nmap. 

Tarquini teaches determining the operating system using an nmap [Page 7-8, Paragraph
45].

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to determine the operating system using nmap so that it could be determined what 
operating system is a device running [Page 3, Paragraph 13].

9. Claims 15, 16, 32, 33, 47, 48 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Ocepek et al. (USPN 7,124,197, Herein as Ocepek) in view of Jennings et al. (USPN 
6,580,712, Herein as Jennings). 

Regarding claims 15, 32, 47, Ocepek teaches a method, a system and a computer program
product as discussed in rejection of claims 14, 31, and 46 respectively. 

However, Ocepek does not teach storing the plurality of the organizationally unique 
identifiers, such that a more frequently encountered organizationally unique identifier is searched 
before a less frequently encountered organizationally unique identifier. 

Jennings teaches storing the plurality of the organizationally unique identifiers, such that 
a more frequently encountered organizationally unique identifier is searched before a less
frequently encountered organizationally unique identifier [Col. 5, lines 50-52, first portion of 
MAC address has Organizationally unique identifier]. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to store such that more frequently used identifiers are searched first to improve the 
performance of searching [Col. 5, lines 47-48]. 

Regarding claims 16, 33, 48, Ocepek teaches a method, a system and a computer 
program product as discussed in rejection of claims 14, 19, 48 respectively. 

However, Ocepek does not teach storing the stored operating system, such that a more 
frequently encountered stored operating system is searched before a less frequently encountered 
stored operating system. 

Jennings teaches storing the stored operating system, such that a more frequently 
encountered stored operating system is searched before a less frequently encountered stored 
operating system [Col. 5, lines 50-52, MAC address can be used to determine operating
system which is well-known in the art and applicant discusses this in his specification also
and by storing the MAC addresses that are accessed most, the stored operating system will
be stored in such a way also].

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to store such that more frequently used identifiers are searched first to improve the 
performance of searching [Col. 5, lines 47-48] . 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event,
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Chandrahas Patel whose telephone number is (571)270-1211.
The examiner can normally be reached on Monday through Thursday 7:30 to 17:00 EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Ricky Ngo can be reached on 571-272-3139. The fax phone number for the
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Ricky Ngo/ 

Supervisory Patent Examiner, Art Unit 
2616 

/Chandrahas Patel/ 
Examiner, Art Unit 2616 



